Isolating Suspicious Endpoints with OSSEC

  • Wednesday, 10 Feb 2021 6:30PM UTC (10 Feb 2021 18:30 UTC)
  • Speaker: Xavier Mertens

OSSEC is a great tool for collecting logs from your endpoints and servers. But did you know that it also provides extra features that may help in your day-to-day IR activities? In this presentation, I'll explain how you can implement a feature offered by most endpoint protection tools, but at little cost. After a short introduction to OSSEC and the requirements, I'll explain the implementation step by step and show you a demo.